evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ipset: Stop using NLA_PUT*().

Browse source 
These macros contain a hidden goto, and are thus extremely error
prone and make code hard to audit.

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller 2012-04-01 19:54:46 -04:00
parent 6c1dd3b6a3
commit 7cf7899d9e
14 changed files with 308 additions and 257 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
include/linux/netfilter/ipset/ip_set.h
View file

@ -411,26 +411,32 @@ ip_set_get_h16(const struct nlattr *attr)
#define ipset_nest_start(skb, attr) nla_nest_start(skb, attr | NLA_F_NESTED) #define ipset_nest_start(skb, attr) nla_nest_start(skb, attr | NLA_F_NESTED)
#define ipset_nest_end(skb, start) nla_nest_end(skb, start) #define ipset_nest_end(skb, start) nla_nest_end(skb, start)
#define NLA_PUT_IPADDR4(skb, type, ipaddr) \ static inline int nla_put_ipaddr4(struct sk_buff *skb, int type, __be32 ipaddr)
do { \ {
struct nlattr *__nested = ipset_nest_start(skb, type); \ struct nlattr *__nested = ipset_nest_start(skb, type);
\ int ret;
if (!__nested) \
goto nla_put_failure; \
NLA_PUT_NET32(skb, IPSET_ATTR_IPADDR_IPV4, ipaddr); \
ipset_nest_end(skb, __nested); \
} while (0)
#define NLA_PUT_IPADDR6(skb, type, ipaddrptr) \ if (!__nested)
do { \ return -EMSGSIZE;
struct nlattr *__nested = ipset_nest_start(skb, type); \ ret = nla_put_net32(skb, IPSET_ATTR_IPADDR_IPV4, ipaddr);
\ if (!ret)
if (!__nested) \ ipset_nest_end(skb, __nested);
goto nla_put_failure; \ return ret;
NLA_PUT(skb, IPSET_ATTR_IPADDR_IPV6, \ }
sizeof(struct in6_addr), ipaddrptr); \
ipset_nest_end(skb, __nested); \ static inline int nla_put_ipaddr6(struct sk_buff *skb, int type, const struct in6_addr *ipaddrptr)
} while (0) {
struct nlattr *__nested = ipset_nest_start(skb, type);
int ret;
if (!__nested)
return -EMSGSIZE;
ret = nla_put(skb, IPSET_ATTR_IPADDR_IPV6,
sizeof(struct in6_addr), ipaddrptr);
if (!ret)
ipset_nest_end(skb, __nested);
return ret;
}
/* Get address from skbuff */ /* Get address from skbuff */
static inline __be32 static inline __be32

21
include/linux/netfilter/ipset/ip_set_ahash.h
View file

@ -594,17 +594,20 @@ type_pf_head(struct ip_set *set, struct sk_buff *skb)
nested = ipset_nest_start(skb, IPSET_ATTR_DATA); nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
if (!nested) if (!nested)
goto nla_put_failure; goto nla_put_failure;
NLA_PUT_NET32(skb, IPSET_ATTR_HASHSIZE, if (nla_put_net32(skb, IPSET_ATTR_HASHSIZE,
htonl(jhash_size(h->table->htable_bits))); htonl(jhash_size(h->table->htable_bits))) ||
NLA_PUT_NET32(skb, IPSET_ATTR_MAXELEM, htonl(h->maxelem)); nla_put_net32(skb, IPSET_ATTR_MAXELEM, htonl(h->maxelem)))
goto nla_put_failure;
#ifdef IP_SET_HASH_WITH_NETMASK #ifdef IP_SET_HASH_WITH_NETMASK
if (h->netmask != HOST_MASK) if (h->netmask != HOST_MASK &&
NLA_PUT_U8(skb, IPSET_ATTR_NETMASK, h->netmask); nla_put_u8(skb, IPSET_ATTR_NETMASK, h->netmask))
goto nla_put_failure;
#endif #endif
NLA_PUT_NET32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)); if (nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) ||
NLA_PUT_NET32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)); nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)) ||
if (with_timeout(h->timeout)) (with_timeout(h->timeout) &&
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, htonl(h->timeout)); nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(h->timeout))))
goto nla_put_failure;
ipset_nest_end(skb, nested); ipset_nest_end(skb, nested);
return 0; return 0;

33
net/netfilter/ipset/ip_set_bitmap_ip.c
View file

@ -109,8 +109,9 @@ bitmap_ip_list(const struct ip_set *set,
} else } else
goto nla_put_failure; goto nla_put_failure;
} }
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, if (nla_put_ipaddr4(skb, IPSET_ATTR_IP,
htonl(map->first_ip + id * map->hosts)); htonl(map->first_ip + id * map->hosts)))
goto nla_put_failure;
ipset_nest_end(skb, nested); ipset_nest_end(skb, nested);
} }
ipset_nest_end(skb, atd); ipset_nest_end(skb, atd);
@ -194,10 +195,11 @@ bitmap_ip_tlist(const struct ip_set *set,
} else } else
goto nla_put_failure; goto nla_put_failure;
} }
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, if (nla_put_ipaddr4(skb, IPSET_ATTR_IP,
htonl(map->first_ip + id * map->hosts)); htonl(map->first_ip + id * map->hosts)) ||
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
htonl(ip_set_timeout_get(members[id]))); htonl(ip_set_timeout_get(members[id]))))
goto nla_put_failure;
ipset_nest_end(skb, nested); ipset_nest_end(skb, nested);
} }
ipset_nest_end(skb, adt); ipset_nest_end(skb, adt);
@ -334,15 +336,16 @@ bitmap_ip_head(struct ip_set *set, struct sk_buff *skb)
nested = ipset_nest_start(skb, IPSET_ATTR_DATA); nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
if (!nested) if (!nested)
goto nla_put_failure; goto nla_put_failure;
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, htonl(map->first_ip)); if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, htonl(map->first_ip)) ||
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP_TO, htonl(map->last_ip)); nla_put_ipaddr4(skb, IPSET_ATTR_IP_TO, htonl(map->last_ip)) ||
if (map->netmask != 32) (map->netmask != 32 &&
NLA_PUT_U8(skb, IPSET_ATTR_NETMASK, map->netmask); nla_put_u8(skb, IPSET_ATTR_NETMASK, map->netmask)) ||
NLA_PUT_NET32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)); nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) ||
NLA_PUT_NET32(skb, IPSET_ATTR_MEMSIZE, nla_put_net32(skb, IPSET_ATTR_MEMSIZE,
htonl(sizeof(*map) + map->memsize)); htonl(sizeof(*map) + map->memsize)) ||
if (with_timeout(map->timeout)) (with_timeout(map->timeout) &&
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout)); nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout))))
goto nla_put_failure;
ipset_nest_end(skb, nested); ipset_nest_end(skb, nested);
return 0; return 0;

43
net/netfilter/ipset/ip_set_bitmap_ipmac.c
View file

@ -186,11 +186,12 @@ bitmap_ipmac_list(const struct ip_set *set,
} else } else
goto nla_put_failure; goto nla_put_failure;
} }
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, if (nla_put_ipaddr4(skb, IPSET_ATTR_IP,
htonl(map->first_ip + id)); htonl(map->first_ip + id)) ||
if (elem->match == MAC_FILLED) (elem->match == MAC_FILLED &&
NLA_PUT(skb, IPSET_ATTR_ETHER, ETH_ALEN, nla_put(skb, IPSET_ATTR_ETHER, ETH_ALEN,
elem->ether); elem->ether)))
goto nla_put_failure;
ipset_nest_end(skb, nested); ipset_nest_end(skb, nested);
} }
ipset_nest_end(skb, atd); ipset_nest_end(skb, atd);
@ -314,14 +315,16 @@ bitmap_ipmac_tlist(const struct ip_set *set,
} else } else
goto nla_put_failure; goto nla_put_failure;
} }
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, if (nla_put_ipaddr4(skb, IPSET_ATTR_IP,
htonl(map->first_ip + id)); htonl(map->first_ip + id)) ||
if (elem->match == MAC_FILLED) (elem->match == MAC_FILLED &&
NLA_PUT(skb, IPSET_ATTR_ETHER, ETH_ALEN, nla_put(skb, IPSET_ATTR_ETHER, ETH_ALEN,
elem->ether); elem->ether)))
goto nla_put_failure;
timeout = elem->match == MAC_UNSET ? elem->timeout timeout = elem->match == MAC_UNSET ? elem->timeout
: ip_set_timeout_get(elem->timeout); : ip_set_timeout_get(elem->timeout);
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, htonl(timeout)); if (nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(timeout)))
goto nla_put_failure;
ipset_nest_end(skb, nested); ipset_nest_end(skb, nested);
} }
ipset_nest_end(skb, atd); ipset_nest_end(skb, atd);
@ -438,14 +441,16 @@ bitmap_ipmac_head(struct ip_set *set, struct sk_buff *skb)
nested = ipset_nest_start(skb, IPSET_ATTR_DATA); nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
if (!nested) if (!nested)
goto nla_put_failure; goto nla_put_failure;
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, htonl(map->first_ip)); if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, htonl(map->first_ip)) ||
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP_TO, htonl(map->last_ip)); nla_put_ipaddr4(skb, IPSET_ATTR_IP_TO, htonl(map->last_ip)) ||
NLA_PUT_NET32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)); nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) ||
NLA_PUT_NET32(skb, IPSET_ATTR_MEMSIZE, nla_put_net32(skb, IPSET_ATTR_MEMSIZE,
htonl(sizeof(*map) htonl(sizeof(*map) +
+ (map->last_ip - map->first_ip + 1) * map->dsize)); ((map->last_ip - map->first_ip + 1) *
if (with_timeout(map->timeout)) map->dsize))) ||
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout)); (with_timeout(map->timeout) &&
nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout))))
goto nla_put_failure;
ipset_nest_end(skb, nested); ipset_nest_end(skb, nested);
return 0; return 0;

29
net/netfilter/ipset/ip_set_bitmap_port.c
View file

@ -96,8 +96,9 @@ bitmap_port_list(const struct ip_set *set,
} else } else
goto nla_put_failure; goto nla_put_failure;
} }
NLA_PUT_NET16(skb, IPSET_ATTR_PORT, if (nla_put_net16(skb, IPSET_ATTR_PORT,
htons(map->first_port + id)); htons(map->first_port + id)))
goto nla_put_failure;
ipset_nest_end(skb, nested); ipset_nest_end(skb, nested);
} }
ipset_nest_end(skb, atd); ipset_nest_end(skb, atd);
@ -183,10 +184,11 @@ bitmap_port_tlist(const struct ip_set *set,
} else } else
goto nla_put_failure; goto nla_put_failure;
} }
NLA_PUT_NET16(skb, IPSET_ATTR_PORT, if (nla_put_net16(skb, IPSET_ATTR_PORT,
htons(map->first_port + id)); htons(map->first_port + id)) ||
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
htonl(ip_set_timeout_get(members[id]))); htonl(ip_set_timeout_get(members[id]))))
goto nla_put_failure;
ipset_nest_end(skb, nested); ipset_nest_end(skb, nested);
} }
ipset_nest_end(skb, adt); ipset_nest_end(skb, adt);
@ -320,13 +322,14 @@ bitmap_port_head(struct ip_set *set, struct sk_buff *skb)
nested = ipset_nest_start(skb, IPSET_ATTR_DATA); nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
if (!nested) if (!nested)
goto nla_put_failure; goto nla_put_failure;
NLA_PUT_NET16(skb, IPSET_ATTR_PORT, htons(map->first_port)); if (nla_put_net16(skb, IPSET_ATTR_PORT, htons(map->first_port)) ||
NLA_PUT_NET16(skb, IPSET_ATTR_PORT_TO, htons(map->last_port)); nla_put_net16(skb, IPSET_ATTR_PORT_TO, htons(map->last_port)) ||
NLA_PUT_NET32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)); nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) ||
NLA_PUT_NET32(skb, IPSET_ATTR_MEMSIZE, nla_put_net32(skb, IPSET_ATTR_MEMSIZE,
htonl(sizeof(*map) + map->memsize)); htonl(sizeof(*map) + map->memsize)) ||
if (with_timeout(map->timeout)) (with_timeout(map->timeout) &&
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout)); nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout))))
goto nla_put_failure;
ipset_nest_end(skb, nested); ipset_nest_end(skb, nested);
return 0; return 0;

43
net/netfilter/ipset/ip_set_core.c
View file

@ -1092,19 +1092,21 @@ dump_last:
ret = -EMSGSIZE; ret = -EMSGSIZE;
goto release_refcount; goto release_refcount;
} }
NLA_PUT_U8(skb, IPSET_ATTR_PROTOCOL, IPSET_PROTOCOL); if (nla_put_u8(skb, IPSET_ATTR_PROTOCOL, IPSET_PROTOCOL) ||
NLA_PUT_STRING(skb, IPSET_ATTR_SETNAME, set->name); nla_put_string(skb, IPSET_ATTR_SETNAME, set->name))
goto nla_put_failure;
if (dump_flags & IPSET_FLAG_LIST_SETNAME) if (dump_flags & IPSET_FLAG_LIST_SETNAME)
goto next_set; goto next_set;
switch (cb->args[2]) { switch (cb->args[2]) {
case 0: case 0:
/* Core header data */ /* Core header data */
NLA_PUT_STRING(skb, IPSET_ATTR_TYPENAME, if (nla_put_string(skb, IPSET_ATTR_TYPENAME,
set->type->name); set->type->name) ||
NLA_PUT_U8(skb, IPSET_ATTR_FAMILY, nla_put_u8(skb, IPSET_ATTR_FAMILY,
set->family); set->family) ||
NLA_PUT_U8(skb, IPSET_ATTR_REVISION, nla_put_u8(skb, IPSET_ATTR_REVISION,
set->revision); set->revision))
goto nla_put_failure;
ret = set->variant->head(set, skb); ret = set->variant->head(set, skb);
if (ret < 0) if (ret < 0)
goto release_refcount; goto release_refcount;
@ -1410,11 +1412,12 @@ ip_set_header(struct sock *ctnl, struct sk_buff *skb,
IPSET_CMD_HEADER); IPSET_CMD_HEADER);
if (!nlh2) if (!nlh2)
goto nlmsg_failure; goto nlmsg_failure;
NLA_PUT_U8(skb2, IPSET_ATTR_PROTOCOL, IPSET_PROTOCOL); if (nla_put_u8(skb2, IPSET_ATTR_PROTOCOL, IPSET_PROTOCOL) ||
NLA_PUT_STRING(skb2, IPSET_ATTR_SETNAME, set->name); nla_put_string(skb2, IPSET_ATTR_SETNAME, set->name) ||
NLA_PUT_STRING(skb2, IPSET_ATTR_TYPENAME, set->type->name); nla_put_string(skb2, IPSET_ATTR_TYPENAME, set->type->name) ||
NLA_PUT_U8(skb2, IPSET_ATTR_FAMILY, set->family); nla_put_u8(skb2, IPSET_ATTR_FAMILY, set->family) ||
NLA_PUT_U8(skb2, IPSET_ATTR_REVISION, set->revision); nla_put_u8(skb2, IPSET_ATTR_REVISION, set->revision))
goto nla_put_failure;
nlmsg_end(skb2, nlh2); nlmsg_end(skb2, nlh2);
ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT); ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT);
@ -1469,11 +1472,12 @@ ip_set_type(struct sock *ctnl, struct sk_buff *skb,
IPSET_CMD_TYPE); IPSET_CMD_TYPE);
if (!nlh2) if (!nlh2)
goto nlmsg_failure; goto nlmsg_failure;
NLA_PUT_U8(skb2, IPSET_ATTR_PROTOCOL, IPSET_PROTOCOL); if (nla_put_u8(skb2, IPSET_ATTR_PROTOCOL, IPSET_PROTOCOL) ||
NLA_PUT_STRING(skb2, IPSET_ATTR_TYPENAME, typename); nla_put_string(skb2, IPSET_ATTR_TYPENAME, typename) ||
NLA_PUT_U8(skb2, IPSET_ATTR_FAMILY, family); nla_put_u8(skb2, IPSET_ATTR_FAMILY, family) ||
NLA_PUT_U8(skb2, IPSET_ATTR_REVISION, max); nla_put_u8(skb2, IPSET_ATTR_REVISION, max) ||
NLA_PUT_U8(skb2, IPSET_ATTR_REVISION_MIN, min); nla_put_u8(skb2, IPSET_ATTR_REVISION_MIN, min))
goto nla_put_failure;
nlmsg_end(skb2, nlh2); nlmsg_end(skb2, nlh2);
pr_debug("Send TYPE, nlmsg_len: %u\n", nlh2->nlmsg_len); pr_debug("Send TYPE, nlmsg_len: %u\n", nlh2->nlmsg_len);
@ -1517,7 +1521,8 @@ ip_set_protocol(struct sock *ctnl, struct sk_buff *skb,
IPSET_CMD_PROTOCOL); IPSET_CMD_PROTOCOL);
if (!nlh2) if (!nlh2)
goto nlmsg_failure; goto nlmsg_failure;
NLA_PUT_U8(skb2, IPSET_ATTR_PROTOCOL, IPSET_PROTOCOL); if (nla_put_u8(skb2, IPSET_ATTR_PROTOCOL, IPSET_PROTOCOL))
goto nla_put_failure;
nlmsg_end(skb2, nlh2); nlmsg_end(skb2, nlh2);
ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT); ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT);

20
net/netfilter/ipset/ip_set_hash_ip.c
View file

@ -81,7 +81,8 @@ hash_ip4_data_zero_out(struct hash_ip4_elem *elem)
static inline bool static inline bool
hash_ip4_data_list(struct sk_buff *skb, const struct hash_ip4_elem *data) hash_ip4_data_list(struct sk_buff *skb, const struct hash_ip4_elem *data)
{ {
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, data->ip); if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:
@ -94,9 +95,10 @@ hash_ip4_data_tlist(struct sk_buff *skb, const struct hash_ip4_elem *data)
const struct hash_ip4_telem *tdata = const struct hash_ip4_telem *tdata =
(const struct hash_ip4_telem *)data; (const struct hash_ip4_telem *)data;
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, tdata->ip); if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, tdata->ip) ||
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
htonl(ip_set_timeout_get(tdata->timeout))); htonl(ip_set_timeout_get(tdata->timeout))))
goto nla_put_failure;
return 0; return 0;
@ -262,7 +264,8 @@ ip6_netmask(union nf_inet_addr *ip, u8 prefix)
static bool static bool
hash_ip6_data_list(struct sk_buff *skb, const struct hash_ip6_elem *data) hash_ip6_data_list(struct sk_buff *skb, const struct hash_ip6_elem *data)
{ {
NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &data->ip); if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:
@ -275,9 +278,10 @@ hash_ip6_data_tlist(struct sk_buff *skb, const struct hash_ip6_elem *data)
const struct hash_ip6_telem *e = const struct hash_ip6_telem *e =
(const struct hash_ip6_telem *)data; (const struct hash_ip6_telem *)data;
NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &e->ip); if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &e->ip.in6) ||
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
htonl(ip_set_timeout_get(e->timeout))); htonl(ip_set_timeout_get(e->timeout))))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:

37
net/netfilter/ipset/ip_set_hash_ipport.c
View file

@ -93,9 +93,10 @@ static bool
hash_ipport4_data_list(struct sk_buff *skb, hash_ipport4_data_list(struct sk_buff *skb,
const struct hash_ipport4_elem *data) const struct hash_ipport4_elem *data)
{ {
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, data->ip); if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) ||
NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:
@ -109,12 +110,12 @@ hash_ipport4_data_tlist(struct sk_buff *skb,
const struct hash_ipport4_telem *tdata = const struct hash_ipport4_telem *tdata =
(const struct hash_ipport4_telem *)data; (const struct hash_ipport4_telem *)data;
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, tdata->ip); if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, tdata->ip) ||
NLA_PUT_NET16(skb, IPSET_ATTR_PORT, tdata->port); nla_put_net16(skb, IPSET_ATTR_PORT, tdata->port) ||
NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) ||
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
htonl(ip_set_timeout_get(tdata->timeout))); htonl(ip_set_timeout_get(tdata->timeout))))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:
@ -308,9 +309,10 @@ static bool
hash_ipport6_data_list(struct sk_buff *skb, hash_ipport6_data_list(struct sk_buff *skb,
const struct hash_ipport6_elem *data) const struct hash_ipport6_elem *data)
{ {
NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &data->ip); if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) ||
NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:
@ -324,11 +326,12 @@ hash_ipport6_data_tlist(struct sk_buff *skb,
const struct hash_ipport6_telem *e = const struct hash_ipport6_telem *e =
(const struct hash_ipport6_telem *)data; (const struct hash_ipport6_telem *)data;
NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &e->ip); if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &e->ip.in6) ||
NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) ||
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
htonl(ip_set_timeout_get(e->timeout))); htonl(ip_set_timeout_get(e->timeout))))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:

45
net/netfilter/ipset/ip_set_hash_ipportip.c
View file

@ -94,10 +94,11 @@ static bool
hash_ipportip4_data_list(struct sk_buff *skb, hash_ipportip4_data_list(struct sk_buff *skb,
const struct hash_ipportip4_elem *data) const struct hash_ipportip4_elem *data)
{ {
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, data->ip); if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) ||
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP2, data->ip2); nla_put_ipaddr4(skb, IPSET_ATTR_IP2, data->ip2) ||
NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:
@ -111,13 +112,13 @@ hash_ipportip4_data_tlist(struct sk_buff *skb,
const struct hash_ipportip4_telem *tdata = const struct hash_ipportip4_telem *tdata =
(const struct hash_ipportip4_telem *)data; (const struct hash_ipportip4_telem *)data;
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, tdata->ip); if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, tdata->ip) ||
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP2, tdata->ip2); nla_put_ipaddr4(skb, IPSET_ATTR_IP2, tdata->ip2) ||
NLA_PUT_NET16(skb, IPSET_ATTR_PORT, tdata->port); nla_put_net16(skb, IPSET_ATTR_PORT, tdata->port) ||
NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) ||
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
htonl(ip_set_timeout_get(tdata->timeout))); htonl(ip_set_timeout_get(tdata->timeout))))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:
@ -319,10 +320,11 @@ static bool
hash_ipportip6_data_list(struct sk_buff *skb, hash_ipportip6_data_list(struct sk_buff *skb,
const struct hash_ipportip6_elem *data) const struct hash_ipportip6_elem *data)
{ {
NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &data->ip); if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) ||
NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP2, &data->ip2); nla_put_ipaddr6(skb, IPSET_ATTR_IP2, &data->ip2.in6) ||
NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:
@ -336,12 +338,13 @@ hash_ipportip6_data_tlist(struct sk_buff *skb,
const struct hash_ipportip6_telem *e = const struct hash_ipportip6_telem *e =
(const struct hash_ipportip6_telem *)data; (const struct hash_ipportip6_telem *)data;
NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &e->ip); if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &e->ip.in6) ||
NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP2, &data->ip2); nla_put_ipaddr6(skb, IPSET_ATTR_IP2, &data->ip2.in6) ||
NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) ||
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
htonl(ip_set_timeout_get(e->timeout))); htonl(ip_set_timeout_get(e->timeout))))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:

69
net/netfilter/ipset/ip_set_hash_ipportnet.c
View file

@ -124,13 +124,14 @@ hash_ipportnet4_data_list(struct sk_buff *skb,
{ {
u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, data->ip); if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) ||
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP2, data->ip2); nla_put_ipaddr4(skb, IPSET_ATTR_IP2, data->ip2) ||
NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
NLA_PUT_U8(skb, IPSET_ATTR_CIDR2, data->cidr + 1); nla_put_u8(skb, IPSET_ATTR_CIDR2, data->cidr + 1) ||
NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) ||
if (flags) (flags &&
NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:
@ -145,16 +146,16 @@ hash_ipportnet4_data_tlist(struct sk_buff *skb,
(const struct hash_ipportnet4_telem *)data; (const struct hash_ipportnet4_telem *)data;
u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, tdata->ip); if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, tdata->ip) ||
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP2, tdata->ip2); nla_put_ipaddr4(skb, IPSET_ATTR_IP2, tdata->ip2) ||
NLA_PUT_NET16(skb, IPSET_ATTR_PORT, tdata->port); nla_put_net16(skb, IPSET_ATTR_PORT, tdata->port) ||
NLA_PUT_U8(skb, IPSET_ATTR_CIDR2, data->cidr + 1); nla_put_u8(skb, IPSET_ATTR_CIDR2, data->cidr + 1) ||
NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) ||
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
htonl(ip_set_timeout_get(tdata->timeout))); htonl(ip_set_timeout_get(tdata->timeout))) ||
if (flags) (flags &&
NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:
@ -436,13 +437,14 @@ hash_ipportnet6_data_list(struct sk_buff *skb,
{ {
u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &data->ip); if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) ||
NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP2, &data->ip2); nla_put_ipaddr6(skb, IPSET_ATTR_IP2, &data->ip2.in6) ||
NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
NLA_PUT_U8(skb, IPSET_ATTR_CIDR2, data->cidr + 1); nla_put_u8(skb, IPSET_ATTR_CIDR2, data->cidr + 1) ||
NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) ||
if (flags) (flags &&
NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:
@ -457,15 +459,16 @@ hash_ipportnet6_data_tlist(struct sk_buff *skb,
(const struct hash_ipportnet6_telem *)data; (const struct hash_ipportnet6_telem *)data;
u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &e->ip); if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &e->ip.in6) ||
NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP2, &data->ip2); nla_put_ipaddr6(skb, IPSET_ATTR_IP2, &data->ip2.in6) ||
NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
NLA_PUT_U8(skb, IPSET_ATTR_CIDR2, data->cidr + 1); nla_put_u8(skb, IPSET_ATTR_CIDR2, data->cidr + 1) ||
NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) ||
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
htonl(ip_set_timeout_get(e->timeout))); htonl(ip_set_timeout_get(e->timeout))) ||
if (flags) (flags &&
NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:

45
net/netfilter/ipset/ip_set_hash_net.c
View file

@ -111,10 +111,11 @@ hash_net4_data_list(struct sk_buff *skb, const struct hash_net4_elem *data)
{ {
u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, data->ip); if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) ||
NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr); nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr) ||
if (flags) (flags &&
NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:
@ -128,13 +129,13 @@ hash_net4_data_tlist(struct sk_buff *skb, const struct hash_net4_elem *data)
(const struct hash_net4_telem *)data; (const struct hash_net4_telem *)data;
u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, tdata->ip); if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, tdata->ip) ||
NLA_PUT_U8(skb, IPSET_ATTR_CIDR, tdata->cidr); nla_put_u8(skb, IPSET_ATTR_CIDR, tdata->cidr) ||
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
htonl(ip_set_timeout_get(tdata->timeout))); htonl(ip_set_timeout_get(tdata->timeout))) ||
if (flags) (flags &&
NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:
@ -339,10 +340,11 @@ hash_net6_data_list(struct sk_buff *skb, const struct hash_net6_elem *data)
{ {
u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &data->ip); if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) ||
NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr); nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr) ||
if (flags) (flags &&
NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:
@ -356,12 +358,13 @@ hash_net6_data_tlist(struct sk_buff *skb, const struct hash_net6_elem *data)
(const struct hash_net6_telem *)data; (const struct hash_net6_telem *)data;
u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &e->ip); if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &e->ip.in6) ||
NLA_PUT_U8(skb, IPSET_ATTR_CIDR, e->cidr); nla_put_u8(skb, IPSET_ATTR_CIDR, e->cidr) ||
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
htonl(ip_set_timeout_get(e->timeout))); htonl(ip_set_timeout_get(e->timeout))) ||
if (flags) (flags &&
NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:

52
net/netfilter/ipset/ip_set_hash_netiface.c
View file

@ -252,11 +252,12 @@ hash_netiface4_data_list(struct sk_buff *skb,
if (data->nomatch) if (data->nomatch)
flags |= IPSET_FLAG_NOMATCH; flags |= IPSET_FLAG_NOMATCH;
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, data->ip); if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) ||
NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr); nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr) ||
NLA_PUT_STRING(skb, IPSET_ATTR_IFACE, data->iface); nla_put_string(skb, IPSET_ATTR_IFACE, data->iface) ||
if (flags) (flags &&
NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:
@ -273,13 +274,14 @@ hash_netiface4_data_tlist(struct sk_buff *skb,
if (data->nomatch) if (data->nomatch)
flags |= IPSET_FLAG_NOMATCH; flags |= IPSET_FLAG_NOMATCH;
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, data->ip); if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) ||
NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr); nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr) ||
NLA_PUT_STRING(skb, IPSET_ATTR_IFACE, data->iface); nla_put_string(skb, IPSET_ATTR_IFACE, data->iface) ||
if (flags) (flags &&
NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))) ||
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
htonl(ip_set_timeout_get(tdata->timeout))); htonl(ip_set_timeout_get(tdata->timeout))))
goto nla_put_failure;
return 0; return 0;
@ -555,11 +557,12 @@ hash_netiface6_data_list(struct sk_buff *skb,
if (data->nomatch) if (data->nomatch)
flags |= IPSET_FLAG_NOMATCH; flags |= IPSET_FLAG_NOMATCH;
NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &data->ip); if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) ||
NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr); nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr) ||
NLA_PUT_STRING(skb, IPSET_ATTR_IFACE, data->iface); nla_put_string(skb, IPSET_ATTR_IFACE, data->iface) ||
if (flags) (flags &&
NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:
@ -576,13 +579,14 @@ hash_netiface6_data_tlist(struct sk_buff *skb,
if (data->nomatch) if (data->nomatch)
flags |= IPSET_FLAG_NOMATCH; flags |= IPSET_FLAG_NOMATCH;
NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &e->ip); if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &e->ip.in6) ||
NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr); nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr) ||
NLA_PUT_STRING(skb, IPSET_ATTR_IFACE, data->iface); nla_put_string(skb, IPSET_ATTR_IFACE, data->iface) ||
if (flags) (flags &&
NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))) ||
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
htonl(ip_set_timeout_get(e->timeout))); htonl(ip_set_timeout_get(e->timeout))))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:

61
net/netfilter/ipset/ip_set_hash_netport.c
View file

@ -124,12 +124,13 @@ hash_netport4_data_list(struct sk_buff *skb,
{ {
u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, data->ip); if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) ||
NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr + 1); nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr + 1) ||
NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) ||
if (flags) (flags &&
NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:
@ -144,15 +145,15 @@ hash_netport4_data_tlist(struct sk_buff *skb,
(const struct hash_netport4_telem *)data; (const struct hash_netport4_telem *)data;
u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, tdata->ip); if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, tdata->ip) ||
NLA_PUT_NET16(skb, IPSET_ATTR_PORT, tdata->port); nla_put_net16(skb, IPSET_ATTR_PORT, tdata->port) ||
NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr + 1); nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr + 1) ||
NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) ||
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
htonl(ip_set_timeout_get(tdata->timeout))); htonl(ip_set_timeout_get(tdata->timeout))) ||
if (flags) (flags &&
NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:
@ -402,12 +403,13 @@ hash_netport6_data_list(struct sk_buff *skb,
{ {
u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &data->ip); if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) ||
NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr + 1); nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr + 1) ||
NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) ||
if (flags) (flags &&
NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:
@ -422,14 +424,15 @@ hash_netport6_data_tlist(struct sk_buff *skb,
(const struct hash_netport6_telem *)data; (const struct hash_netport6_telem *)data;
u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0;
NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &e->ip); if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &e->ip.in6) ||
NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); nla_put_net16(skb, IPSET_ATTR_PORT, data->port) ||
NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr + 1); nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr + 1) ||
NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) ||
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, nla_put_net32(skb, IPSET_ATTR_TIMEOUT,
htonl(ip_set_timeout_get(e->timeout))); htonl(ip_set_timeout_get(e->timeout))) ||
if (flags) (flags &&
NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))))
goto nla_put_failure;
return 0; return 0;
nla_put_failure: nla_put_failure:

23
net/netfilter/ipset/ip_set_list_set.c
View file

@ -402,12 +402,13 @@ list_set_head(struct ip_set *set, struct sk_buff *skb)
nested = ipset_nest_start(skb, IPSET_ATTR_DATA); nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
if (!nested) if (!nested)
goto nla_put_failure; goto nla_put_failure;
NLA_PUT_NET32(skb, IPSET_ATTR_SIZE, htonl(map->size)); if (nla_put_net32(skb, IPSET_ATTR_SIZE, htonl(map->size)) ||
if (with_timeout(map->timeout)) (with_timeout(map->timeout) &&
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout)); nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout))) ||
NLA_PUT_NET32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)); nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) ||
NLA_PUT_NET32(skb, IPSET_ATTR_MEMSIZE, nla_put_net32(skb, IPSET_ATTR_MEMSIZE,
htonl(sizeof(*map) + map->size * map->dsize)); htonl(sizeof(*map) + map->size * map->dsize)))
goto nla_put_failure;
ipset_nest_end(skb, nested); ipset_nest_end(skb, nested);
return 0; return 0;
@ -442,13 +443,15 @@ list_set_list(const struct ip_set *set,
} else } else
goto nla_put_failure; goto nla_put_failure;
} }
NLA_PUT_STRING(skb, IPSET_ATTR_NAME, if (nla_put_string(skb, IPSET_ATTR_NAME,
ip_set_name_byindex(e->id)); ip_set_name_byindex(e->id)))
goto nla_put_failure;
if (with_timeout(map->timeout)) { if (with_timeout(map->timeout)) {
const struct set_telem *te = const struct set_telem *te =
(const struct set_telem *) e; (const struct set_telem *) e;
NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, __be32 to = htonl(ip_set_timeout_get(te->timeout));
htonl(ip_set_timeout_get(te->timeout))); if (nla_put_net32(skb, IPSET_ATTR_TIMEOUT, to))
goto nla_put_failure;
} }
ipset_nest_end(skb, nested); ipset_nest_end(skb, nested);
} }